Testing Server Message Block (SMB) ports for the EternalBlue vulnerability (MS17-010) involves verifying whether a system’s Port 445 is running a legacy, unpatched version of the SMBv1 protocol. Initially leaked in 2017 and famously utilized in the WannaCry ransomware attacks, this critical vulnerability permits remote code execution at the system level. The scanning process consists of verifying that the port is open and then utilizing automated tools to run safe vulnerability checks. Step 1: Network Reconnaissance (Nmap)
Before executing a vulnerability scanner, you must confirm that the target machine has its SMB port open.
Open your terminal on an administrative or penetration-testing environment like Kali Linux.
Run a targeted port scan against your destination IP using Nmap Network Mapper: nmap -p 445 Use code with caution.
Verify that the state of Port 445 (microsoft-ds) returns as open. If it is filtered or closed, the system is not reachable via SMB.
Step 2: Native Vulnerability Checking with Nmap Scripting Engine (NSE)
Nmap includes safe, built-in scripts capable of querying the SMB version without exploiting or crashing the system.
Use the dedicated smb-vuln-ms17-010 script to probe the targeted host: nmap –script smb-vuln-ms17-010 -p 445 Use code with caution. Analyze the generated report output:
VULNERABLE: The script will explicitly output State: VULNERABLE along with risk details if the MS17-010 patch is missing.
Clean Output: If the host is patched, the script will finish without indicating vulnerability. Step 3: Verifying with Metasploit Auxiliary Scanner
To cross-verify your findings or perform bulk scanning across large subnets, you can use the Metasploit Framework auxiliary modules. How to Exploit the EternalBlue Vulnerability on Windows
Leave a Reply